avahi: fix CVE-2024-52616 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zhang Peng <peng.zhang1.cn@windriver.com>	2025-10-27 14:09:14 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-10-30 11:06:28 +0000
commit	280f06735a693244a1d29dbad076fba0af30eb00 (patch)
tree	a6a5864e079b296aac9c1f335d172f7a31a951a0 /scripts/lib/checklayer
parent	b957a465f65c8eba449a68d5a98f69452ac7eb7e (diff)
download	poky-280f06735a693244a1d29dbad076fba0af30eb00.tar.gz

avahi: fix CVE-2024-52616

CVE-2024-52616: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52616] [https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm] Upstream patches: [https://github.com/avahi/avahi/commit/f8710bdc8b29ee1176fe3bfaeabebbda1b7a79f7] (Cherry pick from commit 28de3f131b17dc4165df927060ee51f0de3ada90) (From OE-Core rev: 3d36874e2beb64ca2a089a2be942cbbbbe1fff79) Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/checklayer')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: